Welcome to the June 2023 OSINT review issue of the OSINT newsletter. I’m humbled to say we have nearly 4500 subscribers and the community continues to grow. This issue looks at several publications to help you hone your OSINT investigation capabilities covering topics from TikTok, Telegram, and Reddit as well as geolocation and visual recognition. I give my $0.02 on OSINT Twitter and the changes I’ve seen in that community and share several tools to expand your technical OSINT capabilities.

Thanks for reading. I’ve really appreciated all of the support.

OSINT Reads

Finding Geolocation Leads with Bellingcat's OpenStreetMap Search Tool

Bellingcat has developed a user-friendly tool that leverages OpenStreetMap data for geolocation purposes in investigations. The article thoroughly demonstrates how to use this tool, offering a straightforward method to search for distinct objects or structures captured in images within a specified region. By detailing practical examples, the article underscores the crucial role of user judgment in the search process due to certain limitations inherent in the OpenStreetMap's database.

Read more…

Investigate TikTok Like A Pro!

TikTok, an emerging social media platform, has seen significant user engagement growth over the past few years. As an open-source intelligence (OSINT) tool, it can provide real-time insights into popular culture trends, public behavior patterns, and user-generated content dynamics. Bellingcat shows you how to investigate TikTok like a pro.

Read more…

Telegram and OSINT Investigations: An Essential Platform in 2023

Telegram's rise as a communication platform with a strong emphasis on privacy has inadvertently led to an increase in its use for cybercriminal activities. Activities such as phishing, malware distribution, and ransomware attacks thrive in Telegram's secure and often invite-only channels, forming an underground economy for illicit cyber activity. In response, cybersecurity professionals must employ Open Source Intelligence (OSINT) techniques, such as keyword monitoring, social media analysis, and collaboration within the cybersecurity community, to proactively identify and mitigate these threats.

Read more…

OSINT Tip: Search Private Facebook Profiles for Valuable Information

Ashar Khalil writes a step-by-step guide on searching for information found on private Facebook profiles. Remember, responsible and ethical practices are crucial in conducting OSINT investigations, and it's essential to respect privacy and adhere to legal boundaries.

Read more…

Reddit Data API Update: Changes to Pushshift Access

In a recent API update, Pushshift has been found in violation of Reddit's Data API Terms and has been unresponsive despite multiple outreach attempts. As a result, their access to Reddit's Data API has been revoked, which may lead to changes and degradation over time. Although alternative options are being explored to supplement moderation workflows, Reddit acknowledges the potential disruption this may cause and assures moderators of their ongoing support and assistance.

Read more…

Using your own domain for email doesn’t keep others from finding out who your provider is

When it comes to using email aliases and having a personal domain, there is a common misconception that it keeps your email provider hidden from others, as the recognizable "@protonmail.com" or "@gmail.com" domain is not visible. However, this is not the case. In reality, anyone can examine the domain in your email address, look up the DNS MX record, and easily identify the name of your provider. Therefore, if someone knows your email address, they already have half of the information they need. Finding ways to address this issue requires exploring alternative strategies.

Read more…

OSINT Twitter

Over the past few months, I've noticed a concerning trend in the world of OSINT research: a significant decline in the publication of valuable insights on Twitter.

What’s left is often advertising-like posts of old tools that have been in people’s toolbelts for years. I’d like to call out that I too often share OSINT tools; however, I try to balance independent research with tool sharing to ensure I’m adding value to the community, not just sharing the value of others.

I hope this trend is temporary, though I suspect many have partially or completely abandoned the platform for personal reasons. Mastodon isn’t user-friendly, and Discord is noisy. Let’s see where things go from here.

Back to OSINT…

Alisa Gbiorczyk writes about the use of developer tools for OSINT

Join the conversation...

Cyber Detective writes about how to discover the Twitter lists a username has been added to

Join the conversation...

Remember #OSINT != tools. Tools help you plan and collect data but the end result of that tool is not OSINT. You have to analyze, verify, receive feedback, refine, and produce a final, actionable product of value before it can be called intelligence.

This is the end of the free subscription to The OSINT Newsletter. To see practical applications of OSINT tools, tactics, and techniques, please consider supporting this publication with a paid subscription.